Children’s trust reprimanded over data breach

'Lack of robust policies’ to protect privacy of service users at outsourced service running Birmingham’s children’s service
GDPR data protection

A trust set up to run Birmingham’s children’s services has been found in breach of data protection laws after a social worker shared confidential information about a child with another family.

The incident occurred in 2022 when the worker disclosed personal information on a child’s protection plan with a neighbour to the family. The information included details about the child was being investigated by West Midlands Police for alleged criminal offences.

The Birmingham Children’s Trust Community Interest Company was issued a reprimand for the infringement by the Information Commissioner’s Office (ICO).

The commissioner said there was a “lack of robust policies” and guidance at the outsourced company to ensure the security of personal information. It called for a review of policies to mitigate future breaches, backed by training for social workers.

Sally-Anne Poole, head of investigations at the ICO, said: “This disclosure of personal information by social workers at Birmingham Children's Trust Community Interest Company was a violation of privacy that would have caused distress to both the child and their family.  

“We expect all organisations processing personal information to ensure they have robust policies and procedures in place to protect it. We will take action when personal information, especially belonging to children and young people, is compromised.” 

The trust has since revised its child protection plan template to include a ‘confidential’ section to minimise the chances of future data breaches.

A Birmingham Children’s Trust spokesperson said: "We have carefully considered the ICO recommendations and have taken steps to help prevent such an occurrence from happening again.”